E6 (R2): This guideline outlines the good clinical practices for clinical trials, with implications for the collection and management of data through AI-driven systems.

These regulations are critical in establishing a framework within which AI applications can operate while maintaining compliance and ensuring data integrity.

Documentation

Effective documentation practices are paramount to demonstrate compliance with 21 CFR Part 11 and related guidelines when utilizing AI in quality systems. Below are key components of such documentation:

• Data Governance Policies: Clear policies detailing data ownership, accountability, and accessibility must be outlined to govern the lifecycle of data used in AI applications.
• Validation Documentation: Each AI system should undergo rigorous validation processes, documented meticulously according to the predicate rules under 21 CFR Part 11.
• Audit Trails: Documents should include comprehensive audit trails that track all changes made to electronic records, ensuring that any alterations to the data can be traced back to their source.
• Risk Assessment Reports: Thorough risk assessments need to be conducted to identify potential vulnerabilities associated with data governance and AI deployment.

Justifying AI Validation

A well-structured validation strategy for AI applications is essential to meet regulatory expectations. Justifications should be based on:

• Intent of Use: Clearly define the purpose of the AI system and align it with regulatory requirements and industry standards.
• Risk Management: Incorporate risk management principles to identify potential compliance risks associated with AI systems.
• Performance Metrics: Relevant performance metrics should be established early on, allowing for clear evaluation throughout the AI model lifecycle.

Review/Approval Flow

Establishing a concise review and approval process is necessary to ensure that AI systems and associated data governance strategies adhere to regulatory frameworks. The review process should typically include the following steps:

1. Initial Assessment: Regulatory Affairs (RA) professionals must perform an initial evaluation of the AI system to determine the necessary regulatory requirements.
2. Documentation Submission: Compile all necessary documentation and submit it for internal review, ensuring all materials are aligned with 21 CFR Part 11 and relevant European regulations.
3. Internal Review: An internal quality team should review documentation, providing feedback and requesting additional data if necessary.
4. Regulatory Submission: After internal approval, the final submission to regulatory authorities, such as the FDA or EMA, should include comprehensive documentation demonstrating data governance and compliance with applicable regulations.
5. Post-Approval Monitoring: Once approved, continuous monitoring should be maintained to ensure ongoing compliance and adapt to regulatory changes.

Common Deficiencies

Related to AI applications and data governance, the following common deficiencies may arise during inspections or submissions:

• Lack of Documentation: Failure to maintain thorough documentation of AI system validation and performance metrics can lead to significant compliance issues.
• Inadequate Risk Assessments: Insufficient risk assessments concerning data governance, AI model implications, or electronic records management can result in critical vulnerabilities.
• Poor Change Control Processes: Ineffective change control processes can render an AI system noncompliant, especially if audit trails are incomplete or unclear.

Regulatory agencies like the FDA, EMA, and MHRA typically query these deficient areas, necessitating a comprehensive strategy to proactively address potential compliance risks.

RA-Specific Decision Points

Regulatory professionals must consider various decision points when integrating AI into quality systems. The key decision points include:

New Application vs. Variation

Deciding whether a new AI system is considered a new application or a variation involves thorough evaluation:

• New Application: If the AI system significantly alters the way data is processed or introduces new functionalities that impact safety, efficacy, or quality, a new application may be warranted.
• Variation: Conversely, if the AI deployment only enhances existing systems without altering underlying processes fundamentally, a variation may be appropriate. Justifications should be clearly articulated during this decision-making process.

Bridging Data Justification

Bridging data refers to the use of existing data to support changes or upgrades in AI systems. Justification for utilizing bridging data should include:

• Scientific Rationale: A clear scientific basis for using historical data must be established, ensuring alignment with regulatory criteria.
• Comparative Analysis: Conduct a comparative analysis showcasing how the bridged data correlates with the new AI system’s functions or intended outcomes.
• Expert Opinions: Including expert opinions or validation studies from recognized professionals can strengthen the justification for using bridging data.

Integration with Other Regulatory Functions

The integration of Regulatory Affairs with other critical functions is essential for effective data governance and AI compliance. Understanding these interactions can reinforce an organization’s compliance framework. Key interactions include:

CMC Interactions

The Chemistry, Manufacturing, and Controls (CMC) function must collaborate closely with Regulatory Affairs to ensure that the AI systems used in manufacturing processes meet implicated regulations and standards.

Clinical Trials

AI technologies can enhance patient data management and trial analytics. Regulatory Affairs must work alongside Clinical teams to validate these AI systems in line with ICH E6 (R2) requirements.

Pharmacovigilance

AI-driven data governance plays a significant role in pharmacovigilance, enhancing safety surveillance. Coordination between Regulatory Affairs and Pharmacovigilance is vital in establishing AI compliance protocols.

Quality Assurance

Quality Assurance (QA) must be integrated into the AI development lifecycle to validate processes and outputs, ensuring consistent adherence to regulatory guidelines.

Conclusion

With the increasing reliance on AI in pharmaceutical and biotech industries, strong data governance frameworks that adhere to 21 CFR Part 11 and related regulations are indispensable. Regulatory Affairs professionals must proactively navigate regulatory landscapes, ensuring robust documentation, comprehensive risk assessments, and diligent post-approval monitoring to maintain compliance. By focusing on decision-making processes regarding applications, variations, and bridging data, stakeholders can fortify their compliance stance in leveraging AI technologies.